doorkeeper_sso 0.1.0.pre.alpha → 0.2.0

data/lib/sso/doorkeeper/authorizations_controller_mixin.rb

@@ -13,10 +13,22 @@ module Sso
       def after_grant_create
         debug { "AuthorizationsController#Create : after_action" }
         code_response = authorization.instance_variable_get("@response")
-        if code_response
-          warden_session = session["warden.user.user.session"]
-          debug { "Sso::Session.update_master_with_grant - #{warden_session["sso_session_id"].inspect}, #{code_response.auth.token.inspect}" }
-          Sso::Session.update_master_with_grant(warden_session["sso_session_id"], code_response.auth.token)
+        oauth_grant = code_response.try(:auth).try(:token)
+
+        warden_session = session["warden.user.user.session"]
+        session = Sso::Session.find_by!(id: warden_session["sso_session_id"])
+
+        if session.try(:active?)
+          error { "AuthorizationsControllerMixin - Sso::Session Inactive #{session.inspect}"}
+          warden.logout(:user) and return
+        end
+
+        if oauth_grant
+          debug { "Sso::Session.update_master_with_grant - #{session.id.inspect}, #{oauth_grant.inspect}" }
+          session.clients.find_or_create_by!(access_grant_id: oauth_grant.id)
+        else
+          error { "AuthorizationsControllerMixin - Unable to get grant id"}
+          warden.logout(:user) and return
         end
       end
     end

data/lib/sso/doorkeeper/tokens_controller_mixin.rb

@@ -1,11 +1,16 @@
+require 'active_support/concern'
+
 module Sso
   module Doorkeeper
     module TokensControllerMixin
+      extend ActiveSupport::Concern
+      include ::Sso::Logging
+
       included do
         after_action :after_token_create, only: :create
       end
 
-    protected
+      protected
 
       def after_token_create
         debug { "TokensController#Create : after_action" }
@@ -16,10 +21,15 @@ module Sso
         # We cannot rely on session[:sso_session_id] here because the end-user might have cookies disabled.
         # The only thing we can rely on to identify the user/Passport is the incoming grant token.
         debug { %(Detected outgoing "Access Token" #{outgoing_access_token.inspect}) }
-        if sso_session = Sso::Session.update_master_with_access_token(grant_token, outgoing_access_token)
-          debug { "::Sso::Session.register_access_token success for access_token: #{outgoing_access_token}" }
+
+        unless client = ::Sso::Client.find_by_grant_token(grant_token)
+          error { "::Sso::Client not found for grant token #{grant_token}" }
+        end
+
+        if client.update_access_token(outgoing_access_token)
+          debug { "::Sso::Client.update_access_token success for access_token: #{outgoing_access_token}" }
         else
-          debug { "::Sso::Session.register_access_token failed. #{sso_session.errors.inspect}" }
+          error { "::Sso::Session.update_access_token failed. #{client.errors.inspect}" }
           warden.logout
         end
       end
@@ -38,4 +48,4 @@ module Sso
       end
     end
   end
-end
+end

data/lib/sso/engine.rb

@@ -2,7 +2,31 @@ module Sso
   class Engine < ::Rails::Engine
     isolate_namespace Sso
 
+    # New test framework integration
+    config.generators do |g|
+      g.test_framework  :rspec,
+                        :fixtures => true,
+                        :view_specs => false,
+                        :helper_specs => false,
+                        :routing_specs => false,
+                        :controller_specs => true,
+                        :request_specs => false
+      g.fixture_replacement :fabrication
+    end
+
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+    end
+
     config.after_initialize do
+      ::Doorkeeper::Application.send(:include, Sso::Doorkeeper::ApplicationMixin)
+      ::Doorkeeper::AccessGrant.send(:include, Sso::Doorkeeper::AccessGrantMixin)
+      ::Doorkeeper::AccessToken.send(:include, Sso::Doorkeeper::AccessTokenMixin)
+
 
       ::Doorkeeper::TokensController.send(:include, AbstractController::Callbacks)
       ::Doorkeeper::TokensController.send(:include, Sso::Doorkeeper::TokensControllerMixin)
@@ -11,9 +35,11 @@ module Sso
       ::Warden::Manager.after_authentication(scope: :user, &::Sso::Warden::Hooks::AfterAuthentication.to_proc)
       ::Warden::Manager.before_logout(scope: :user, &::Sso::Warden::Hooks::BeforeLogout.to_proc)
 
+      # TODO : Infinite loop with before_logout
+      # ::Warden::Manager.after_fetch(scope: :user, &::Sso::Warden::Hooks::SessionCheck.to_proc)
+
       # TODO : Why does it need a passport strategy
       # Warden::Strategies.add :passport, ::Sso::Server::Warden::Strategies::Passport
-
     end
   end
 end

data/lib/sso/engine.rb.orig

@@ -0,0 +1,46 @@
+module Sso
+  class Engine < ::Rails::Engine
+    isolate_namespace Sso
+
+<<<<<<< HEAD
+    # New test framework integration
+    config.generators do |g|
+      g.test_framework  :rspec,
+                        :fixtures => true,
+                        :view_specs => false,
+                        :helper_specs => false,
+                        :routing_specs => false,
+                        :controller_specs => true,
+                        :request_specs => false
+      g.fixture_replacement :fabrication
+=======
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+>>>>>>> 4400323a20d61fedd59372c74cf3d32e72a52f09
+    end
+
+    config.after_initialize do
+      ::Doorkeeper::Application.send(:include, Sso::Doorkeeper::ApplicationMixin)
+      ::Doorkeeper::AccessGrant.send(:include, Sso::Doorkeeper::AccessGrantMixin)
+      ::Doorkeeper::AccessToken.send(:include, Sso::Doorkeeper::AccessTokenMixin)
+
+
+      ::Doorkeeper::TokensController.send(:include, AbstractController::Callbacks)
+      ::Doorkeeper::TokensController.send(:include, Sso::Doorkeeper::TokensControllerMixin)
+      ::Doorkeeper::AuthorizationsController.send(:include, Sso::Doorkeeper::AuthorizationsControllerMixin)
+
+      ::Warden::Manager.after_authentication(scope: :user, &::Sso::Warden::Hooks::AfterAuthentication.to_proc)
+      ::Warden::Manager.before_logout(scope: :user, &::Sso::Warden::Hooks::BeforeLogout.to_proc)
+
+      # TODO : Infinite loop with before_logout
+      # ::Warden::Manager.after_fetch(scope: :user, &::Sso::Warden::Hooks::SessionCheck.to_proc)
+
+      # TODO : Why does it need a passport strategy
+      # Warden::Strategies.add :passport, ::Sso::Server::Warden::Strategies::Passport
+    end
+  end
+end

data/lib/sso/logging.rb

@@ -5,7 +5,7 @@ module Sso
   module Logging
     extend ActiveSupport::Concern
 
-    class_methods do
+    module ClassMethods
       def debug(&block)
         logger && logger.debug(progname, &block)
       end

data/lib/sso/version.rb

@@ -1,3 +1,3 @@
 module Sso
-  VERSION = "0.1.0-alpha"
+  VERSION = "0.2.0"
 end

data/lib/sso/warden/hooks/after_authentication.rb

@@ -5,6 +5,8 @@ module Sso
         include ::Sso::Logging
 
         attr_reader :user, :warden, :options
+        delegate :request, to: :warden
+        delegate :params, to: :request
 
         def self.to_proc
           proc do |user, warden, options|
@@ -18,9 +20,10 @@ module Sso
 
         def call
           debug { "Starting hook because this is considered the first login of the current session..." }
-          request = warden.request
-          session = warden.session(:user)
+          generate_session
+        end
 
+        def generate_session
           debug { "Generating a Sso:Session for user #{user.id.inspect} for the session cookie at the Sso server..." }
           attributes = {  ip: request.ip, agent: request.user_agent }
 
@@ -28,6 +31,18 @@ module Sso
           debug { "Sso:Session with ID #{sso_session.id} generated successfuly. Persisting it in session..." }
           session["sso_session_id"] = sso_session.id.to_s
         end
+
+        def scope
+          scope = options[:scope]
+        end
+
+        def session
+          warden.session(scope)
+        end
+
+        def logged_in?
+          warden.authenticated?(:user) && session
+        end
       end
     end
   end

data/lib/sso/warden/hooks/before_logout.rb

@@ -7,7 +7,6 @@ module Sso
         attr_reader :user, :warden, :options
         delegate :request, to: :warden
         delegate :params, to: :request
-        delegate :session, to: :request
 
         def self.to_proc
           proc do |user, warden, options|
@@ -21,13 +20,23 @@ module Sso
 
         def call
           # Only run if user is logged in
-          if warden.authenticated?(:user) && (session = warden.session(:user))
-            debug { 'Destroy all Sso::Session groups before logout' }
-            debug { session.inspect }
+          if logged_in?
+            debug { "Logout Sso::Session - #{session["sso_session_id"]}" }
             Sso::Session.logout(session["sso_session_id"])
-            #Passports.logout passport_id: params['passport_id'], provider_passport_id: session['sso_session_id']
           end
         end
+
+        def scope
+          scope = options[:scope]
+        end
+
+        def session
+          warden.session(scope)
+        end
+
+        def logged_in?
+          warden.authenticated?(:user) && session
+        end
       end
     end
   end

data/lib/sso/warden/hooks/session_check.rb

@@ -0,0 +1,45 @@
+module Sso
+  module Warden
+    module Hooks
+      class SessionCheck
+        include ::Sso::Logging
+
+        attr_reader :user, :warden, :options
+        delegate :request, to: :warden
+        delegate :params, to: :request
+
+        def self.to_proc
+          proc do |user, warden, options|
+            new(user: user, warden: warden, options: options).call
+          end
+        end
+
+        def initialize(user:, warden:, options:)
+          @user, @warden, @options = user, warden, options
+        end
+
+        def call
+          debug { "Starting hook after user is fetched into the session" }
+
+          # Infinite loop with BeforeLogout - before logout runs this too
+          unless Sso::Session.find_by(id: session["sso_session_id"]).try(:active?)
+            warden.logout(:user)
+            throw(:warden, :scope => scope, :reason => "Sso::Session not found")
+          end
+        end
+
+        def scope
+          scope = options[:scope]
+        end
+
+        def session
+          warden.session(scope)
+        end
+
+        def logged_in?
+          warden.authenticated?(:user) && session
+        end
+      end
+    end
+  end
+end

data/spec/api/schemas/session.json

@@ -0,0 +1,35 @@
+{
+  "type": "object",
+  "required" : [
+    "id",
+    "active?",
+    "secret",
+    "owner"
+  ],
+  "properties": {
+    "id" : { "type" : "string" },
+    "active?" : { "type" : "boolean" },
+    "revoked_at" : { "type": ["string", "null"], "format": "date-time" },
+    "revoke_reason" : { "type": ["string", "null"] },
+    "secret" : { "type" : "string" },
+    "owner" : {
+      "type" : "object",
+      "required" : [
+        "id",
+        "name",
+        "email",
+        "first_name",
+        "last_name",
+        "lang"
+      ],
+      "properties" : {
+        "id" : { "type" : "integer" },
+        "name" : { "type" : "string" },
+        "email" : { "type" : "string" },
+        "first_name" : { "type" : "string" },
+        "last_name" : { "type" : "string" },
+        "lang" : { "type" : "string" }
+      }
+    }
+  }
+}

data/spec/controllers/sso/sessions_controller_spec.rb

@@ -4,24 +4,64 @@ RSpec.describe Sso::SessionsController, :type => :controller do
   routes { Sso::Engine.routes }
   render_views
 
-  describe "GET show" do
+  pending "GET jsonp" do
     let(:user) { Fabricate(:user) }
 
     context "logged_in" do
       before() {  sign_in user }
 
       it "returns not authorized" do
-        get :show, format: :json
+        get :jsonp, format: :json
         expect(response).to have_http_status(:ok)
       end
     end
 
     context "not logged_in" do
       it "returns not authorized" do
+        get :jsonp, format: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+
+  describe "GET show" do
+    let(:user) { Fabricate(:user) }
+
+    context "not logged_in" do
+      it do
         get :show, format: :json
         expect(response).to have_http_status(:unauthorized)
       end
     end
+
+    context "logged_in" do
+      let(:user) { Fabricate(:user) }
+      let(:application) { Fabricate('Doorkeeper::Application') }
+      let(:access_token) { Fabricate('Doorkeeper::AccessToken',
+                                     resource_owner_id: user.id) }
+      let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                     application_id: application.id,
+                                     resource_owner_id: user.id,
+                                     redirect_uri: 'http://localhost:3002/oauth/callback'
+                                    ) }
+
+      let(:session) {  Fabricate('Sso::Session', owner: user) }
+      let!(:client) {  Fabricate('Sso::Client', session: session,
+                                    application_id: application.id,
+                                    access_token_id: access_token.id,
+                                    access_grant_id: access_grant.id) }
+
+      before do
+        allow(controller).to receive(:doorkeeper_authorize!).and_return(true)
+        allow(controller).to receive(:doorkeeper_token).and_return(access_token)
+
+        get :show, format: :json
+      end
+
+      it { expect(response).to have_http_status(:ok) }
+      it { expect(assigns(:session)).to eq session }
+      it { expect(response).to match_response_schema("session") }
+    end
   end
 
   describe "POST create" do
@@ -37,8 +77,7 @@ RSpec.describe Sso::SessionsController, :type => :controller do
 
     context "logged_in" do
       let(:user) { Fabricate(:user) }
-      let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
-      let(:master_sso_session) { Sso::Session.generate_master(user, attributes) }
+      let(:master_sso_session) { Sso::Session.generate_master(user, { ip: "10.1.1.1", agent: "Safari" }) }
       let(:access_token) { Fabricate("Doorkeeper::AccessToken",
                                      resource_owner_id: user.id) }
       let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
@@ -47,18 +86,19 @@ RSpec.describe Sso::SessionsController, :type => :controller do
                                     ) }
 
       before do
-        master_sso_session.access_token_id = access_token.id
-        master_sso_session.access_grant_id = access_grant.id
-        master_sso_session.save
-
         allow(controller).to receive(:doorkeeper_authorize!).and_return(true)
         allow(controller).to receive(:doorkeeper_token).and_return(access_token)
 
+        # Create a client with access grant & access token
+        master_sso_session.clients.find_or_create_by!(access_grant_id: access_grant.id, access_token_id: access_token.id)
         post :create, params
       end
 
       it { expect(response).to have_http_status(:created) }
-      it { expect(assigns(:user)).to eq user }
+      it { expect(assigns(:session)).to eq master_sso_session }
+      it { expect(response).to match_response_schema("session") }
+      it { expect(master_sso_session.clients).to include ::Sso::Client.find_by(access_token: access_token) }
+      it { expect(master_sso_session.clients.map(&:ip)).to include "202.188.0.133" }
     end
   end
 

data/spec/fabricators/api_application_fabricator.rb

@@ -1,6 +1,6 @@
 Fabricator(:api_application) do
-  name { Faker::Internet.domain_word }
-  api_key { Faker::Lorem.characters(16) }
+  name { FFaker::Internet.domain_word }
+  api_key { FFaker::Lorem.characters(16) }
 end
 
 # == Schema Information